<?php

require_once 'Zend/Acl.php';
require_once 'Zend/Acl/Role.php';
require_once 'Zend/Acl/Resource.php';

class MyAcl extends Zend_Acl {

    public function __construct(Zend_Auth $auth) {
        $acessos = null;
        $perfis = null;
        $sessioAcl = new Zend_Session_Namespace('acl');
        
        $this->init();
        
        if ($auth->hasIdentity()) {
            $storageObj = $auth->getStorage()->read();
            $codigo = $storageObj['id']['codigo'];
            
            if (isset($sessioAcl->acessos)) {
                $acessos = $sessioAcl->acessos;
                $perfis = $sessioAcl->perfis;
            } else {
                if(isset($codigo)){
                    $acessos = Application_Model_ModuloPerfilAcesso::getInstance()->getByModuloAcesso($codigo);
                    $sessioAcl->acessos = $acessos;
                }
            }
            
            if (count($acessos) > 0) {
                $this->addRole(new Zend_Acl_Role($acessos[0]['perfil_acesso']));
                $perfilAcesso='';
                foreach ($acessos as $item) {

                    if($perfilAcesso != $item['perfil_acesso']){
                        $perfilAcesso = $item['perfil_acesso'];
                        $this->allow($perfilAcesso, 'login:login');
                        $this->allow($perfilAcesso, 'login:logout');
                        $this->allow($perfilAcesso, 'dashboard:dashboard');
                        $this->allow($perfilAcesso, 'default:error');
                    }
                    
                    if ($item['edita'] == 'S') {
                        $this->add(new Zend_Acl_Resource($item['modulo'] . ':' . 'edita'));
                        $this->allow($item['perfil_acesso'], $item['modulo'] . ':' . 'edita');
                        
                        $this->add(new Zend_Acl_Resource($item['modulo'] . ':' . 'insere'));
                        $this->allow($item['perfil_acesso'], $item['modulo'] . ':' . 'insere');
                    } else {
                        $this->add(new Zend_Acl_Resource($item['modulo'] . ':' . 'edita'));
                        $this->deny($item['perfil_acesso'], $item['modulo'] . ':' . 'edita');
                        
                        $this->add(new Zend_Acl_Resource($item['modulo'] . ':' . 'insere'));
                        $this->deny($item['perfil_acesso'], $item['modulo'] . ':' . 'insere');
                    }

                    if ($item['consulta'] == 'S') {
                        $this->add(new Zend_Acl_Resource($item['modulo'] . ':' . 'consulta'));
                        $this->allow($item['perfil_acesso'], $item['modulo'] . ':' . 'consulta');
                    } else {
                        $this->add(new Zend_Acl_Resource($item['modulo'] . ':' . 'consulta'));
                        $this->deny($item['perfil_acesso'], $item['modulo'] . ':' . 'consulta');
                    }
                }
            } else {
                $role = 'guest';
            }
        } else {
            $role = 'guest';
            $sessioAcl->unsetAll();
        }

    }
    
    private function init(){
        $this->add(new Zend_Acl_Resource('default'));
        $this->add(new Zend_Acl_Resource('default:index'), 'default');
        $this->add(new Zend_Acl_Resource('login'));
        $this->add(new Zend_Acl_Resource('login:login'), 'login');
        $this->add(new Zend_Acl_Resource('login:logout'), 'login');
        $this->add(new Zend_Acl_Resource('dashboard'));
        $this->add(new Zend_Acl_Resource('dashboard:dashboard'), 'dashboard');
        $this->add(new Zend_Acl_Resource('error'));
        $this->add(new Zend_Acl_Resource('default:error'),'default');
        
        $this->addRole(new Zend_Acl_Role('guest'));
        $this->allow('guest', 'default:index');
        $this->allow('guest', 'login:login');
        $this->allow('guest', 'login:logout');
        $this->allow('guest', 'default:error');
    }
}

?>